1. Field of the Invention
The present invention relates to a system that will provide remote access to allow servicing of a mainframe computer site while at the same time providing for security and integrity of the mainframe computer installation. In particular, the present invention is directed to a system wherein service and maintenance of the mainframe computer system is controlled and monitored from a remote location and service on the mainframe computer system may be performed by a remote support person at a further remote location.
2. Prior Art
Current mainframe processing environments use an operator console to display messages about the system. These messages are monitored and any problems are noted. Programmers and other technicians may then become involved in solving a problem. The problem may be beyond the operations staff's ability to handle.
The mainframe computer system may be serviced and monitored from a remote location. Remote support of mainframe computer installations is becoming increasingly important. This includes both remote monitoring and service support of mainframe computer systems. Businesses have been established which are capable of monitoring and maintaining a wide variety of mainframe computer installations.
From time to time, when problems are found, it is necessary for a technician, field engineer, or remote support person to have access to the mainframe computer system. A technician or field engineer can work on the problems on site at the mainframe installation. With high speed, broadband communications, it is possible for a remote support person or field engineer to diagnose and solve mainframe computer problems from a remote location by communication from a personal computer. Accordingly, the remote support person or field engineer may be at any location. These technicians are increasingly specialized and require wide access to the mainframe computer installation.
Moreover, it is increasingly a trend for employees, including those at mainframe computer installations, to work from their homes on personal computers. In this case, the employees' home computers must be connected to the mainframe computer installations.
At the same time, the computer mainframe installation must retain its security and integrity. In the past, while limited access and "firewalls" have sometimes been employed to maintain security, the field engineer or remote support person needs wide access to the mainframe computer to diagnose and solve the problems.
Typically, the dispatch control center is located in a secure location. This dispatch control center may be at the same physical premises as the mainframe customer site or may be at a separate location remote from the mainframe. The remote support person, however, is often at an unsecured location and may operate from a laptop or other unsecured central processing unit machine. Additionally, the mainframe computer business has only limited controls over the field engineer. For example, a disgruntled remote support person or field engineer with wide access to the mainframe computer system could cause considerable problems.
With both the dispatch control center and the support person at remote locations from the mainframe computer center, the channels of communication are important. While secure transmission lines are possible to establish, these are expensive over long distances. Additionally, the support person may be mobile.
The development of personal computers, modems (modulator/demodulator devices) and data connections has allowed the growth of many types of computer networks. The Internet, a somewhat public network of networks, has become an increasingly useful pathway for computer communication. There is, however, a concern about the security and integrity of the Internet pathways.
One solution to security on the Internet has been the encryption of data to be transmitted. One type of encryption uses a single "key" which the sender and recipient must keep secret. Another type of popular encryption uses "public-private keys." The first is a public key made available to anyone. The second is a "secret key" which the user must not allow anyone else to see. The public and private keys work in tandem. If the secret key is stored on a computer system, it is, however, vulnerable.
The same security issues and concerns may also exist on corporate intranets and private networks.
Accordingly, the present invention is directed to an arrangement where a mainframe or mainframes are secured at a customer site and wired to a personal computer with software for console monitoring. The console monitor is in communication with a secure dispatch control center location. The dispatch control center, upon being alerted of a problem, will contact a support person to diagnose and solve the particular problem. A data encryption key is randomly generated and transmitted from the dispatch control center to both the support person's central processing unit and to the console monitor of the mainframe.
It is a further object and purpose of the present invention to provide a remote access and security system using data encryption keys wherein a data encryption key is never transmitted or sent between the remote support person's central processing unit and the mainframe installation.
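The key distribution described above, as an added example that is not part of the original text: the dispatch control center generates a random session key and hands it to both parties, and only sealed messages cross the link between the support person and the console monitor. The cipher (a SHA-256 counter-mode keystream with HMAC-SHA256, chosen to stay within the Python standard library), the function names and the sample command are assumptions made for illustration; the text names no algorithm.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    # Derive separate encryption and MAC keys from the one session key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as a keystream (assumed stand-in cipher).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # Encrypt-then-MAC with a fresh random nonce per message.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag at minimum
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def run_service_call(command):
    # Dispatch control center: fresh random key for this service call,
    # delivered to each party on its own channel (not modelled here).
    session_key = secrets.token_bytes(32)
    support_key = console_key = session_key
    link = []  # everything that crosses the support person <-> console link
    link.append(seal(support_key, command))
    received = unseal(console_key, link[-1])
    link.append(seal(console_key, b"ACK " + received))
    reply = unseal(support_key, link[-1])
    return session_key, link, received, reply

def console_accepts(console_key, blob):
    # The console monitor rejects anything not sealed under the issued key.
    try:
        unseal(console_key, blob)
        return True
    except ValueError:
        return False
```
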